Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к файлу>' = '<Полный путь к файлу>:*:Enabled:<Имя файла>'
- 'C:\1.exe' (загружен из сети Интернет)
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -Embedding
- 'C:\1.exe'
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\RimArts\B2\Settings]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\SOFTWARE\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKLM>\Software\Ghisler\Total Commander]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKCU>\SOFTWARE\RIT\The Bat!]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Ghisler\Total Commander]
- C:\1.exe
- 'localhost':1041
- 'le###.peep.com.ua':80
- 'localhost':1038
- http://le###.peep.com.ua/test/host.exe
- DNS ASK le###.peep.com.ua
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''